Scale Posted December 7, 2007
What is the best option to send strings from one program to the other? At first I was simply reading the memory, but on restart the address changes. Thanks a lot!
metr0 Posted December 7, 2007
Remote threads and DLL injections are good for that purpose, I'd say. The code in the remote thread could store the string inside a buffer of the original program, but that depends on whether you have control over the original app or not.
Scale (Author) Posted December 7, 2007
> Remote threads and DLL injections are good for that purpose, I'd say. The code in the remote thread could store the string inside a buffer of the original program, but that depends on whether you have control over the original app or not.
So if I understand correctly, your idea would be to hook the function and write the strings to an address which is always the same? I was thinking DLL injection + detouring as well, but the only example of that I have seen was C++ and I only know C# and ASM. Let's google whether there are any C# detouring classes. Thanks for the tip!
metr0 Posted December 7, 2007
Yep. Another way would be doing all this stuff remotely: allocate some buffer (VirtualAllocEx), write some strings there (WriteProcessMemory) and do whatever you'd like to (like changing some particular string reference to a reference to your newly allocated buffer, using VirtualProtectEx and WriteProcessMemory). Think of some ways and find the one that suits your current situation best. Good luck.
cektop Posted December 8, 2007
This is a good example of how crackers think. There are standardized ways of inter-process communication, which in my opinion are preferable to writing to another process's memory, which always leaves risks: for example pipes, .NET remoting, TCP or semaphores. Coding with low-level procedures will give you nice insight into how processes work under the hood, but reading up on IPC is better for developing. http://en.wikipedia.org/wiki/Inter-process_communication
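The pipe option from the post above, worked through as an added example (this is not code from the thread or from any of its posters): two sides exchange strings over a named pipe instead of one side writing into the other's address space. Server and client live in one executable here so it runs stand-alone; in practice they would be the two programs. The pipe name and the line-per-message framing are assumptions; `PipeOptions.CurrentUserOnly` needs .NET Core 2.1 or later.

```csharp
using System;
using System.IO;
using System.IO.Pipes;
using System.Text;
using System.Threading;

// Added example, not from the thread: string passing between two processes over a named pipe.
static class PipeStringChannel
{
    const string PipeName = "scale-string-channel";                  // assumed name
    static readonly Encoding Utf8NoBom = new UTF8Encoding(false);    // no BOM preamble on the wire

    // Server side: accept one client, answer each line with its upper-cased form, stop at "quit".
    // CurrentUserOnly refuses connections from other accounts, so an unrelated process on the
    // same machine cannot feed the server strings (it also makes the client check the server's owner).
    public static void ServeOneClient()
    {
        using (var server = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1,
                                                      PipeTransmissionMode.Byte, PipeOptions.CurrentUserOnly))
        {
            server.WaitForConnection();
            // leaveOpen: true so disposing the reader/writer does not close the pipe twice
            using (var reader = new StreamReader(server, Utf8NoBom, false, 1024, leaveOpen: true))
            using (var writer = new StreamWriter(server, Utf8NoBom, 1024, leaveOpen: true) { AutoFlush = true })
            {
                string line;
                while ((line = reader.ReadLine()) != null && line != "quit")
                    writer.WriteLine(line.ToUpperInvariant());
            }
        }
    }

    // Client side: wait up to timeoutMs for the server's pipe to exist, send one line, read one reply.
    public static string SendAndReceive(string message, int timeoutMs = 5000)
    {
        // Newline is the message delimiter, so a message must not contain one.
        if (message.Contains("\n") || message.Contains("\r"))
            throw new ArgumentException("one line per message; newlines are the framing delimiter");

        using (var client = new NamedPipeClientStream(".", PipeName, PipeDirection.InOut, PipeOptions.CurrentUserOnly))
        {
            client.Connect(timeoutMs);
            using (var reader = new StreamReader(client, Utf8NoBom, false, 1024, leaveOpen: true))
            using (var writer = new StreamWriter(client, Utf8NoBom, 1024, leaveOpen: true) { AutoFlush = true })
            {
                writer.WriteLine(message);
                string reply = reader.ReadLine();
                writer.WriteLine("quit");          // tell the server we are done before the pipe closes
                return reply;
            }
        }
    }

    static void Main()
    {
        var serverThread = new Thread(ServeOneClient);
        serverThread.Start();
        Console.WriteLine(SendAndReceive("hello over a named pipe"));
        serverThread.Join();
    }
}
```

Nothing here depends on where either process was loaded, which is the problem that started the thread: the rendezvous point is the pipe name, not an address, so restarts and ASLR do not matter. The server never executes anything it receives; it only parses lines, which is the part you cannot say of a buffer handed to a remote thread.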
Scale (Author) Posted December 9, 2007 (edited)
OK, let's add two questions. I'm injecting a library which hooks a function. For this injection I alloc some memory for the link to the library to be loaded, so if I use

    VirtualAllocEx(hprocess, (IntPtr)0x00200000, (uint)dllpath.Length + 1, 0x1000, 4);

it would create space at 00200000 which I can use perfectly and later read the data out of. So question one would be: is 00200000 a wise location?

And my second question is without a doubt a noob question. In my detoured function I want to move a string to 00200000; the pointer to the string is currently in ESI. How would I do it? I think I have to loop and write each byte, but I just can't get it in code. An example would be greatly appreciated.

EDIT: I fixed it like this:

    char *sts;
    __asm { mov sts, ESI }          // ESI holds the pointer to the string in the detoured function
    size_t b = strlen(sts) + 1;     // copy the terminating NUL as well, so the buffer reads back as a string
    __asm {
        push b                      // memcpy(dst, src, n) is cdecl: push arguments right to left
        push sts
        push 0x200200
        call memcpy
        add esp, 12                 // the caller removes cdecl arguments from the stack
    }

The call to memcpy is total bollocks, but the DLL has its own memcpy so I could manually correct the call. Yes, I know jack about C++, but it works ^^
Edited December 10, 2007 by Scale
metr0 Posted December 15, 2007 (edited)
Great to hear it works, but just one little addition. I will quote the MSDN (for the function VirtualAllocEx):
> If lpAddress is NULL, the function determines where to allocate the region.
So you will get a good pointer returned in EAX and don't have to care about whether 00200000 is a wise location or not.
Edited December 15, 2007 by metr0